Privacy policy

1. The purpose of the document is to provide information to a natural person - data subject who is a potential or existing customer, partner, candidate in the competition announced for the selection of personnel of the LVRTC or another person whose personal data may become available to LVRTC within the framework of its commercial activities, regarding the procedures according to which LVRTC processes the data of natural persons.

2. The Privacy Policy applies to:

2.1. LVRTC customers (including former and potential customers) and their representatives, cooperation partners and their representatives, as well as third parties who process any personal data in connection with the provision and/or receiving of services;

2.2. visitors to LVRTC facilities and events organized by LVRTC, where video surveillance or photography is performed;

2.3. users of LVRTC Internet resources and mobile applications;

2.4. applicants for the position in the personnel selection competition announced by LVRTC;

2.5. other natural persons whose personal data may become available to LVRTC within the framework of its commercial activities. in accordance with the procedures established by regulatory enactments

3. The Privacy Policy applies to the processing of personal data, regardless of the form or environment in which the personal data is submitted: in the LVRTC Internet resources using mobile applications, in paper format, in person, electronically or by telephone.

Processor

- Personal data processor. A natural or legal person, public institution, agency or other body on whose behalf the controller processes personal data

Processing

- Any activity or set of activities performed with personal data, with or without automated means, such as collecting, recording, organizing, structuring, storing, adapting or modifying, retrieving, viewing, using, disclosing, transmitting of data by distributing or otherwise doing so making them available, matching or combining, limiting, deleting or destroying them

Data subject

- A natural person who can be directly or indirectly identified

eIDAS

- ERegulation (EU) No. 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC

Data of specific categories

- Data revealing a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs or participation in trade union, genetic data, biometric data, health data, data on a person’s sexual life or sexual orientation

Customer

- Natural or legal person with whom the State Joint Stock Company “Latvia State Radio and Television Center” has entered into a contract on the provision of specific services or who initiates the process for concluding such a contract

LVRTC

- State Joint Stock Company “Latvia State Radio and Television Center”, unified registration No. 40003011203, Zemitāna street 9, 3rd building, 4th floor, Riga, Latvia, LV-1012

Facility

- The physical environment in which the service provider’s resources related to the provision of services are located

Service provider

- State Joint Stock Company “Latvia State Radio and Television Center”, unified registration No. 40003011203, Zemitāna Street 9 k-3, Riga, Latvia, LV-1012, which is a trust and electronic identification service provider

Personal data

- Any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be directly or indirectly identified, in particular by reference to an identifier such as the said person's name, surname, identification number, location data, online identifier or one or more physical, physiological, genetic, spiritual, economic, cultural or social identity factors

Certificate

- Public key of the user, along with other information protected against forgery, using encryption with the private key of the issuing certification authority

Third party

- In the sense of the Regulation, a natural or legal person, public institution, agency or structure that is not a data subject, manager, processor and persons who are authorized to process personal data under the direct authority of the manager or processor;

General Data Protection Regulation

- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

2.2 Terms not defined in this document are used in accordance with the General Data Protection Regulation, eIDAS Regulation and other laws and regulations governing the protection of personal data and the field of trust and electronic identification services.

1. LVRTC ensures that personal data is processed in accordance with the current laws and regulations of the Republic of Latvia, the General Data Protection Regulation and other applicable laws and regulations in the field of privacy and data processing.

2. LVRTC is aware of the importance of an individual’s right to privacy and has put in place technical and organizational measures to process, control and protect personal data according to available technological, financial and organizational capabilities. LVRTC has evaluated and identified appropriate physical, technical, logical and organizational measures to reduce and protect security risks to ensure the security, integrity and privacy of personal data.

3. The controller of personal data is the State Joint Stock Company “Latvia State Radio and Television Center”, unified reg. No. 40003011203, legal address Zemitāna street 9, 3rd building, 4th floor, Riga, Latvia, LV-1012.

4. Regarding to the processing of cookies, the data subject is informed at the moment when he or she provides the relevant data to LVRTC. LVRTC’s cookie policy is available on the LVRTC websites: lvrtc.lv and www.eparaksts.lv.

Data category and examples

1. Personal identification data

- Vame, surname, personal identification code/personal identification number, date of birth if the person does not have personal identification code, personal identification document number and validity period, signature.

2. Personal contact details

- Adrese, tālruņa numurs, elektroniskā pasta adrese, oficiālā elektroniskā adrese.

3. Identification data of the representative of the customer - legal entity

- Name, surname, job title. If the identification of the customer’s representative is expected within the framework of the concluded contract, also the personal identification code/personal identification number or date of birth, if the person does not have a personal identification code, data of personal identification document, contact details, signature.

4. Customer’s data

- The following personal data is additionally processed for customers of trust (certification) and electronic identification services provided by LVRTC: previous personal identification code (if applicable), age (only in cases specified in laws and regulations, to ensure verification of a person’s age limit for receiving specified services or purchase of items), personal status in the Population Register, data of issued certificates, data on certificate carrier (if applicable), data on activities performed during use of services (suspension, renewal, revocation of certificates, issuance of PIN envelopes, re-issuance of certificates, creation of electronic signatures, electronic identification activities) required to verify the validity of a certificate, an electronic signature or for the provision of electronic identification service.

5. Service data

- Service name and service parameters (including, but not limited to - address, installation date, price, discount, discount expiration date).

6. Communication data

- Service name and service parameters (including, but not limited to - address, installation date, price, discount, discount expiration date).

7. Payment data

- Bank name and account number, invoice number, date, amount, due date, payment amount, liability amount, note for failure to pay within the specified term, debt amount, debt collection information.

8. Incident application data

- Applicant, application number, voice recording, e-mail, date of registration/resolution, type, description of damage/incident and other data related to the resolution of the incident.

9. Video surveillance data

- Video image, photo fixation and other data related to the video surveillance process (e.g. identification of the location, geographical coordinates, date, time) obtained during video surveillance at LVRTC facilities when data subject was in the video surveillance reception area.

10. Audio recording data

- Audio recordings of the helpdesk and customer service center’s telephone, their date and time.

11. Photos and pictures

- Photo, date when the photo was taken.

12. Activities performed within the websites maintained by LVRTC

- IP address, audiation recordings, data accumulated by cookies.

13. Data of the portal www.eparaksts.lv

- Activities performed by customers on the portal and reports on Customer activities with Trust services, such as statistics on subscriptions performed.

14. Personal data of the applicant for the position in the personnel selection competition announced by LVRTC

- Name, surname, gender, date of birth, contact details, work experience, education (including courses and certificates), language skills and other information provided by the applicant to LVRTC to ensure the conduct of the personnel selection competition and to protect its legal interests as far as related with staff selection.

LVRTC processes personal data for the following purposes:

1.To ensure the provision of services and fulfill the obligations specified in the contracts:

1.1 customer relationship management, entering into contracts and their execution;

1.2 ensuring the operation of services, prevention of incidents and provision of technical support;

1.3 administration of payments, including debt recovery and collection;

1.4 providing LVRTC Internet resources and improving its operation;

1.5 identification of LVRTC customers and cooperation partners for providing access in high security areas;

1.6 improving the quality of service provision by providing evidence of communication with the customer through audio and correspondence recordings.

2. To ensure the development of services:

2.1. creation of new products and preparation of offers;

2.2 market analysis and business model development;

2.3 sending information to customers about improvements in the products provided or issues related to the use of the product.

3. For the prevention or detection of criminal offenses related to the protection of LVRTC property and protection of vital interests of persons, including life and health, as well as the control of access to LVRTC facilities.

4. For ensuring the maintenance of the services and processes if the appropriate extent required for the operation of LVRTC.

5. For the provision of information to public administration institutions and subjects of operational activities in the cases and to the extent specified in external laws and regulations.

6. To fulfill the obligations specified in laws and regulations and to ensure the realization of the legal interests of LVRTC.

7. To ensure the course of the personnel selection competition for the specific vacancy

8. For other specific purposes, of which the data subject is informed at the time he or she provides the relevant data to LVRTC.

LVRTC processes personal data on the following legal bases:

1.1 conclusion and execution of the contract - to enter into the contract upon the customer’s application and ensure its execution;

1.2 compliance with laws and regulations - to ensure the fulfillment of obligations specified in the external regulatory enactment binding to LVRTC;

1.3 legal (legitimate) interests - to implement legal (legitimate) interests of LVRTC arising from the liabilities between LVRTC and the customer or from the contract concluded or the law;

1.4 consent of the data subject;

1.5. public interest;

2. The legal (legitimate) interests of LVRTC are:

2.1 to carry out commercial activities;

2.2 to provide electronic communication services;

2.3 to provide trust (certification) and electronic identification services;

2.4 to ensure the fulfillment of tasks delegated by the state;

2.5 to verify the identity of the customer before concluding the contract or starting to provide the service;

2.6 to ensure the fulfillment of contractual obligations;

2.7 to elaborate and develop goods and services;

2.8 to send reports on the progress of the execution of the contract and events relevant to the execution of the contract;

2.9 to ensure the maintenance and development of electronic communication networks;

2.10 to monitor the operation of services in order to identify technical problems, as well as illegal activities and prevent them;

2.11 to apply to public administration and operational activities authorities and institutions, as well as to a court for the protection of their legal interests.

3. The data subject may provide consent to the processing of personal data in LVRTC service application forms, LVRTC Internet resources, in person, to the person (institution,partner) who provides application for receiving trust and electronic identification services provided by LVRTC on behalf of LVRTC, as well as by agreeing to participate in LVRTC in the announced personnel selection competition.

4. The data subject is entitled to withdraw his or her consent at any time, and in this case the further processing based on the prior consent for the specific purpose will not take place.

5. Withdrawal of consent shall not affect data processing operations carried out while the customer’s consent was in force.

6. Withdrawal of consent may not suspend the processing of personal data carried out on other legal grounds, including in order to fulfill legal obligation applicable to LVRTC.

1. In case the processing of customer’s personal data is performed to ensure the trust and electronic identification services provided by LVRTC, the following additional rules shall apply to the processing of customer’s personal data:

1.1 if the customer, when using the electronic identification means issued by LVRTC, performs electronic identification for receiving a third party service, the customer’s name, surname and personal identification code included in the customer’s certificate shall be transferred to the third party for verification of customer’s identity only with the customer's consent;

1.2. if the customer creates an electronic signature, the customer’s certificate, which includes the customer’s name, surname and personal identification code, is attached to the electronically signed document and these data can be accessed by any person who has access to the customer’s electronically signed document;

1.3 if the customer, when using the electronic identification means issued by LVRTC, performs electronic identification for receiving a third party service or purchasing a product, which is available only after reaching the age specified in the laws and regulations, the customer’s name, surname and personal identification code included in the customer’s certificate and age based on the consent of the customer, are transferred to the third party for verification of the identity and age of the customer.

2. In order to ensure the provision of trust and electronic identification services provided by LVRTC in accordance with external laws and regulations, LVRTC receives personal data from the customer or another person who enters into the contract with LVRTC on the provision of trust services (for example, the customer’s employer).

3. The accuracy of personal data submitted by the LVRTC shall be verified by obtaining data from the Register of Natural Persons, in accordance with Section 2(2) of the Law on Electronic Identification of Natural Persons, Section 6, Subparagraphs 2.2 to 2.3, Section 7 (8) and Section 17, Clause 2 of the Electronic Documents Act. .

4. In case the customer’s data has changed, the customer must immediately notify LVRTC on the current data.

1. Personal data is not transferred to third parties, except in cases when the data transfer is necessary to ensure the performance of the provided service (regardless of whether the service is provided on the basis of a contract or regulatory enactment), to ensure LVRTC legitimate interests (there exists a legal basis for transferring personal data or it is provided in the external laws and regulations) or there is obtained the consent of the data subject.

2. LVRTC may use approved personal data processors (cooperation partners providing services to LVRTC) to ensure the performance of the provided services. In such cases LVRTC shall take the necessary measures to ensure that such personal data processors process personal data in accordance with the instructions of LVRTC and in accordance with applicable laws and regulations, and demand appropriate security measures to be taken.

3. In cases when the customer performs electronic identification for a service provided by a third party using the LVRTC electronic identification provision platform, LVRTC informs the customer about the third party to whom the customer’s data will be transferred, the purpose of data processing and the amount of transferred data.

4. LVRTC does not transfer or make available personal data to recipients from third countries or international organizations. However, the transfer and processing of personal data outside the territory of the European Union and the European Economic Area may take place if there exists a legal basis for doing so, namely in order to fulfill a legal obligation, conclude or perform a contract. In this case, LVRTC makes sure that proper and appropriate protection measures are implemented, in accordance with Chapter 5 of the General Data Protection Regulation.

1. The period for which the personal data will be stored by the LVRTC or, if this is not possible, the criteria used to determine that period:At the end of the storage period of documents or information, personal data are deleted, made inaccessible (archiving) or unidentifiable so that they can no longer be identified with a specific data subject.

1.1. Personal data is stored as long as the customer uses LVRTC services or does not withdraw his consent to data processing if personal data is processed on this basis. A longer period of storage of personal data is allowed in order to fulfill the requirements of regulatory enactments regarding the minimum period of storage of documents or information or to protect the legitimate interests of LVRTC.

1.2. All information obtained during the recruitment process will be stored for a maximum of six months after the end of the recruitment process in order to protect the legal interests of the LVRTC. In the event that LVRTC receives complaints about the specific recruitment process, all information processed during the recruitment process will be retained for as long as necessary to resolve the situation.

1.3. Phone call records will be kept for 18 months. The said time is sufficient for the LVRTC to carry out an analysis of the quality of consultations/responses. In the event of a conflict situation, records of telephone conversations are kept for as long as necessary to resolve the situation.

1.4. Contracts of natural persons for receiving trust and electronic identification services are stored for 10 years after the contract expires or certificates expire or are canceled;

1.5. Video surveillance recording data is stored from 14 to 180 days, unless another processing purpose arises (for example, in connection with a criminal investigation);

1.6. In LVRTC information systems, audit records are stored for at least 18 months in accordance with the requirements of regulatory acts.

1.7. In order to fulfill a legal obligation applicable to LVRTC, all information is stored for as long as it is necessary to achieve the purpose of personal data processing in accordance with the applicable regulatory enactments.

2. After the expiration of the document or information storage period, personal data is deleted, made unavailable (archiving) or de-identified so that it can no longer be identified with a specific data subject.

1. Communication on commercial announcements about LVRTC services and other announcements not related to the provision of direct services (for example, notification of customers) shall be made by LVRTC in accordance with external laws and regulations or on the basis of the customer’s consent.

2. The Customer may consent to the receipt of commercial announcements in LVRTC service application forms or in LVRTC Internet resources.

3. The Customer’s consent to receive commercial announcements is valid until revoked (also after the termination of the service contract).

4. The Customer may at any time withdraw from receiving further commercial announcements, using the automated option provided in the commercial announcement to withdraw from receiving further announcements or in writing in accordance with the procedure specified in Clause 12.1.

5. LVRTC stops sending commercial announcements as soon as the received customer request to opt out of such announcements is processed.

1. The data subject is entitled to request information from LVRTC, whether LVRTC processes the data subject’s personal data, on the legal basis of personal data processing, as well as to request access to personal data or to request the issuance of information on these personal data if direct access is not possible.

2. In case the data subject considers that the information available to LVRTC about the data subject is incorrect or incomplete, the data subject is entitled to request its correction, as well as to submit the correct data necessary for the provision of the service. LVRTC is entitled to request the presentation of a document proving changes in the personal data of the data subject if necessary, and the data subject must submit such a document.

3. The data subject is entitled to object to the processing of personal data processed by LVRTC on the basis of LVRTC’s legitimate interests. However, LVRTC will continue to process personal data even if the data subject objects to such processing, if LVRTC has the legal basis for the processing of such data.

4. The data subject is entitled to request LVRTC to delete personal data, however, this does not apply to cases when the storage of personal data is necessary to ensure compliance with the requirements of laws and regulations. When exercising the data subject’s right to deletion of personal data, LVRTC shall perform only such activities and to the extent permitted by laws and regulations or LVRTC’s legitimate interests.

5. The data subject is entitled to transfer his or her personal data to another data controller.

6. In order to exercise his or her rights, the data subject submits a written or electronic application to the LVRTC. In case the data subject is not satisfied with the response received, the data subject is entitled to apply to the Data State Inspectorate if he or she considers that the processing of personal data violates his or her rights and interests in accordance with the applicable laws and regulations.

1. The data subject may contact LVRTC regarding issues related to the processing of personal data in the following way:

1.1 in writing in person at the legal address of LVRTC Zemitāna street 9, 3rd building, 4th floor, Riga, Latvia, LV-1012, presenting an identity document;

1.2 electronically by signing the application with secure electronic signature and sending it to the e-mail ;

1.3 electronically by sending the application to the official electronic address.

2. Upon receipt of a data subject’s request for exercising his or her rights, LVRTC verifies the identity of the data subject, evaluates the request and executes it in accordance with internal and external laws and regulations.

3. LVRTC has appointed personal data protection specialist. Using the contact details above, it is possible to ask the personal data protection specialist questions about the processing of personal data.

1. Privacy Policy is available on the LVRTC websites: lvrtc.lv and www.eparaksts.lv.

2. LVRTC is entitled to unilaterally amend the Privacy Policy. The amendments come into force on the date set by the LVRTC Board, but not earlier than 30 (thirty) days from the posting of the respective notice on the LVRTC websites lvrtc.lv and www.eparaksts.lv.

3. If the customer has not submitted a written notice to LVRTC by the date of entry into force of such amendments, the customer shall be deemed to have agreed to these amendments and they are applicable in the legal relationship between LVRTC and the customer.

1. The Privacy Policy is prepared in Latvian. The Privacy Policy may be translated and may be available in other languages. In case of discrepancies in the translations of the Privacy Policy, the Privacy Policy version in Latvian is always decisive.

2. The Privacy Policy is amended along with changes in the laws and regulations or other internal regulatory documents of LVRTC, as well as by improving the operation of LVRTC information systems and business processes..

3. The privacy policy shall enter into force after its approval at the meeting of the Board of Governors of LVRTC in accordance with the procedure laid down in the Board decision and in the LVRTC Council.